How to use eBPF for application statistics in Linux

Presented by:

I am a member of the openSUSE Japan User Group and hold and join local events.

No video of the event yet, sorry!

eBPF (extended BPF) is an extension of BPF (Berkeley Packet Filter).
BPF was proposed in 1993 as an efficient packet filtering method for BSD.
BPF had a virtual register machine for efficient packet filtering.
Today, BPF is also used for purposes other than packet filtering in Linux.
For example, seccomp filters system calls for sandboxing.
XDP is a kernel-space packet processing system.
XDP is used by Cilium, a kernel-native networking and security toolchain.
It is eBPF.
eBPF can intercept the Linux kernel and also supports programs.
In this talk, I introduce where eBPF is used and how to use eBPF for Linux application statistics.
Specifically, I introduce the eBPF programming method, using statistics of PostgreSQL query processing time as the example.
PostgreSQL supports probes for DTrace, and eBPF can intercept these DTrace probes in the program.
In addition, processing time statistics can be created more easily by using the bcc library, which makes eBPF easy to use.
Have a lot of fun with eBPF :)
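
The approach the abstract describes, sketched as an added example (not the speaker's code): bcc attaches two eBPF handlers to PostgreSQL's DTrace (USDT) probes `query__start` and `query__done` in one backend process and builds a log2 histogram of query time. It assumes PostgreSQL was built with `--enable-dtrace`, bcc is installed, and the script runs as root with a backend PID as its argument; the handler, map and helper names are this example's own.

```python
import sys
import time

# eBPF program (C, compiled by bcc). Map and function names are this example's own.
BPF_TEXT = r"""
#include <uapi/linux/ptrace.h>
BPF_HASH(start, u32, u64);   // backend thread id -> query start time (ns)
BPF_HISTOGRAM(dist);         // log2 buckets of query time (usecs)

int on_query_start(struct pt_regs *ctx) {
    u32 tid = bpf_get_current_pid_tgid();
    u64 ts = bpf_ktime_get_ns();
    start.update(&tid, &ts);
    return 0;
}

int on_query_done(struct pt_regs *ctx) {
    u32 tid = bpf_get_current_pid_tgid();
    u64 *tsp = start.lookup(&tid);
    if (tsp == 0)
        return 0;            // query began before the probes were attached
    u64 delta_us = (bpf_ktime_get_ns() - *tsp) / 1000;
    dist.increment(bpf_log2l(delta_us));
    start.delete(&tid);
    return 0;
}
"""

# PostgreSQL USDT probe name -> handler in BPF_TEXT
PROBES = {"query__start": "on_query_start", "query__done": "on_query_done"}

def attach(pid, BPF, USDT):
    """Enable both probes on one backend PID and load the eBPF program."""
    usdt = USDT(pid=pid)
    for probe, fn_name in PROBES.items():
        usdt.enable_probe(probe=probe, fn_name=fn_name)
    return BPF(text=BPF_TEXT, usdt_contexts=[usdt])

def main():
    from bcc import BPF, USDT  # imported here so the module loads without bcc
    b = attach(int(sys.argv[1]), BPF, USDT)
    print("Tracing queries, press Ctrl-C to print the histogram")
    try:
        time.sleep(99999999)
    except KeyboardInterrupt:
        pass
    b["dist"].print_log2_hist("usecs")

if __name__ == "__main__":
    main()
```

PostgreSQL runs one backend process per connection, so this traces only the connection served by the given PID.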